CVE-2025-14858
Received Received - Intake

Information Disclosure in Semtech LR11xx Firmware Validation via SPI

Vulnerability report for CVE-2025-14858, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-07

Last updated on: 2026-04-07

Assigner: Sierra Wireless Inc.

Description

The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information disclosure vulnerability in its firmware validation functionality. When a host issues a firmware validity check command via the SPI interface, the device decrypts the provided encrypted firmware package block-by-block to validate its integrity. However, the last decrypted firmware block remains uncleared in memory after the validation process completes. An attacker with access to the SPI interface can subsequently issue memory read commands to retrieve the decrypted firmware contents from this residual memory, effectively bypassing the firmware encryption protection mechanism. The attack requires physical access to the device's SPI interface.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-07
Last Modified
2026-04-07
Generated
2026-07-06
AI Q&A
2026-04-07
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
semtech lr11xx *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-226 The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability can lead to unauthorized disclosure of the device's firmware. An attacker with physical access to the SPI interface can extract decrypted firmware code, potentially exposing proprietary or sensitive information. This could facilitate reverse engineering, intellectual property theft, or further attacks on the device by understanding its firmware.

Executive Summary

The Semtech LR11xx LoRa transceivers running early firmware versions have an information disclosure vulnerability in their firmware validation process. When the device checks the validity of firmware via the SPI interface, it decrypts the firmware block-by-block. However, after validation, the last decrypted firmware block remains in memory and is not cleared. An attacker with physical access to the SPI interface can read this residual memory to retrieve decrypted firmware contents, bypassing the encryption protection.

Detection Guidance

This vulnerability requires physical access to the device's SPI interface and involves the firmware validation process of Semtech LR11xx LoRa transceivers. Detection would involve checking for unauthorized access or commands issued via the SPI interface that read memory after a firmware validation command.

Since the vulnerability is related to residual decrypted firmware blocks remaining in memory after validation, detection might involve monitoring SPI interface commands for suspicious memory read operations following firmware validation commands.

However, no specific detection commands or network-based detection methods are provided in the available information.

Mitigation Strategies

The vulnerability requires physical access to the SPI interface, so immediate mitigation steps include restricting physical access to the device to trusted personnel only.

Additionally, updating the firmware to a version that addresses this information disclosure vulnerability would be advisable once such an update is available.

No specific mitigation commands or procedures are provided in the available information.

Compliance Impact

The vulnerability allows an attacker with physical access to the SPI interface to retrieve decrypted firmware contents from residual memory, effectively bypassing firmware encryption protection. This information disclosure could potentially expose sensitive firmware data.

Such unauthorized disclosure of firmware data may impact compliance with standards and regulations that require protection of sensitive information, such as GDPR and HIPAA, especially if the firmware contains personal data or security-critical code.

However, the vulnerability requires physical access to the device's SPI interface, which may limit the risk depending on the deployment environment and physical security controls.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14858. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart